Results 1 to 7 of 7

Thread: Changing Fingerprint

  1. #1
    Junior Member
    Join Date
    Feb 2004
    Location
    Greece
    Posts
    16

    Exclamation Changing Fingerprint

    Hello AOers.. I am running slackware 10 on a x86 box and I am wondering how can I change my fingerprint
    In a nmap -O scan I see that I am running somewhat-linux, kernel 2.6.xx etc..
    I know that there is a way to change this or to hide it... But I dont know how.
    this could be good for security reasons (if someone doesnt know what OS you are running that makes more difficult to crack the box)
    any ideas?

  2. #2
    Senior Member mungyun's Avatar
    Join Date
    Apr 2004
    Location
    Illinois
    Posts
    172
    this could be good for security reasons
    Do you realize that a lot of black hat hackers use this technique for illegal reasons?

    I personally don't care if someone sees my fingerprint. If you do nothing wrong, you shouldn't worry about it. Do you have something hackers may want? (You don't have to say what, just curious)
    I believe in making the world safe for our children, but not our children’s children, because I don’t think children should be having sex. -- Jack Handey

  3. #3
    How about you put up a firewall instead? Or end the extra services you are running? Nmap gets that fingerprint by reviewing the response from a port scan. If you run XP services, it will return a XP fingerprint. So instead of changing the way you look, how about about being invisible?

    Look up IPTables and Firestarter.
    http://firestarter.sourceforge.net/

    Hey mungyun-

    Would you mind if hackers rooted your box to host kiddie porn? It's not always about you and your information, its protecting your box so you don't end up hosting warez or bouncing worms unwillingly.

  4. #4
    Senior Member DeadAddict's Avatar
    Join Date
    Jun 2003
    Posts
    2,583
    I believe the reasons listed below mungyun are more than enough of a reason to do it.
    [list=1][*]Revealing what operating system you are running makes things alot easier to find and successfully run an exploit against any of your devices.
    [*]Having and unpatched or a old operating system version is not very convenient for your company. as a example say your company is a bank and some of your users just happen to notice that you are running a unpatched box. I know they will lose trust in you and the bank very quickly!
    I know I would move to another bank
    [*]If people know your Operating System it can also become very dangerous, because people can guess which applications are you running in that operating system. as a example if your system is Windows, and you have a database running, it's very likely that you are running MS-SQL.
    [*]And finally the one that really matters is privacy nobody needs to know the systems you've got running unless you want them to know.[/list=1]

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    723
    IMHO its a waste of time to bother.
    Do unto others as you would have them do unto you.
    The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
    -- true colors revealed, a brown shirt and jackboots

  6. #6
    Antionline's Security Dude instronics's Avatar
    Join Date
    Dec 2002
    Posts
    901
    Originally posted here by mungyun
    Do you realize that a lot of black hat hackers use this technique for illegal reasons?

    I personally don't care if someone sees my fingerprint. If you do nothing wrong, you shouldn't worry about it. Do you have something hackers may want? (You don't have to say what, just curious)
    That is not the answer to the question being asked! I too would be interested in the details of how todo this. All i know is, its goto do with spoofing something in the kernel. Im not sure about the details. This has been posted before on AO about a year ago i think.

    I agree that it is a sweet addon for security. Its not about substituting this against securing a box properly... after a box has been secured properly, then its a nice bonus to it.

    Hmm, maybe an indepth tutorial by one of our AO gurus would be possible?

    Cheers.

    /oops
    I cant find that thread that was posted here about that same subject.. all i recall was that the fingerprint said: Nintento gameboy or something like that. D:
    Ubuntu-: Means in African : "Im too dumb to use Slackware"

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey

    I believe this is what you're all looking for: http://www.l0t3k.org/biblio/fingerpr...ting_nmap.html.

    The purpose of this paper is to try to enumerate and briefly describe all applications and technics deployed for defeating Nmap OS Fingerprint, but in any case, security by obscurity is not good approach; it can be a good security measure but please take into account that is more important to have a tight security environment (patches, firewalls, ids, ...) than hiding your OS.

    Learning which Operating System is running in a remote system can be very valuable for both the pen-tester and the black-hat. Suppose that they find an open port in their (approved or not) penetration; knowing the OS makes easier to find and execute an exploit against that service, because often an exploit is OS version specific, and an exploit for Sendmail running on HP-UX won't work for Sendmail running on AIX, or being more accurate, an AIX 4.3.3 exploit could not work in a system running 4.3.3 with the latest maintenance code applied. Fyodor (Nmap's author) has written a detailed article about remote OS Fingerprint, describing some different methods to successfully detect the remote OS, from the basic ones, to the more powerful ones.

    In the beginning, guessing the remote OS was done grabbing the banner that a specific service was serving. For example, a typical telnet or FTP banner was always shown to the entire world, telling which OS was running, or if the banner has been changed or removed, some service commands could be executed to know the OS (remember the SYST in the FTP). Other basic ways to know the OS could be searching for HINFO entries in the DNS server, or trying to get information using snmp (lot of devices have enabled by default snmp access using the 'public' community string). Even searching for the target company jobs posting in the Internet, dumpster diving looking for OS manuals, or social engineering are valid methods for trying to know the remote OS.

    Then, some more advanced network solutions were deployed, taking advantage of each OS vendor TCP/IP stack implementation. The idea is to send some crafted packets to the remote OS and wait for its answer. Those packets are "nasty" packets, crafted with uncommon TCP options or with 'impossible' options. Each OS has its own TCP/IP stack implementation, there isn't a common stack implementation for every OS and this issue allows to create a classification of different OS and versions according to their answers. Playing around with those tricky packets is how remote OS Fingerprinting tools work; some of them using the TCP/IP protocol, and others using the ICMP protocol.

    There is a paper about 'Defeating TCP/IP Stack Fingerprinting' that describes in high level the design and implementation of a TCP/IP Stack fingerprint scrubber. That paper outlines why and how you can defeat TCP/IP OS Fingerprinting, so I am not going to talk too much about that; therefore I will focus on the solutions available out there.
    Peace,
    HT

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •